FORT RPKI Issue

[haithamjneid]

hello guys,

please need your support,
I'm running the following command and this is what I get:
[haitham.jneid@saryfortval02 ~]$ sudo service fort status
Redirecting to /bin/systemctl status fort.service
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2024-05-22 12:51:42 +03; 26min ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 146353 (fort)
Tasks: 22 (limit: 36397)
Memory: 1.3G
CGroup: /system.slice/fort.service
└─146353 /usr/bin/fort --configuration-file /etc/fort/config.json

May 22 12:51:42 saryfortval02 systemd[1]: Started FORT RPKI validator.

however for checking if FORT is ready for RTR connection, the following command ([root@validator ~]# journalctl -u fort -f
) is not providing the output stating that
Aug 12 13:34:00 validator fort[9708]: WRN: First validation cycle
successfully ended, now you can connect your router(s)

instead it provides the following output. please need your help.

[haitham.jneid@saryfortval02 ~]$ sudo journalctl -u fort -f
-- Logs begin at Thu 2024-05-16 18:27:25 +03. --
May 22 11:03:19 saryfortval02 systemd[1]: Stopping FORT RPKI validator...
May 22 11:03:19 saryfortval02 systemd[1]: fort.service: Succeeded.
May 22 11:03:19 saryfortval02 systemd[1]: Stopped FORT RPKI validator.
May 22 11:03:53 saryfortval02 systemd[1]: Started FORT RPKI validator.
May 22 11:12:24 saryfortval02 fort[142882]: May 22 11:12:24 WRN: Location '/etc/fort/' doesn't have files with extension '.slurm'
May 22 12:21:24 saryfortval02 fort[142882]: May 22 12:21:24 WRN: Location '/etc/fort/' doesn't have files with extension '.slurm'
May 22 12:51:18 saryfortval02 systemd[1]: Stopping FORT RPKI validator...
May 22 12:51:18 saryfortval02 systemd[1]: fort.service: Succeeded.
May 22 12:51:18 saryfortval02 systemd[1]: Stopped FORT RPKI validator.
May 22 12:51:42 saryfortval02 systemd[1]: Started FORT RPKI validator.

[ydahhrk]

Can you post the contents of /etc/fort/config.json?

[haithamjneid]

{
"tal": "/etc/fort/tal/",
"local-repository": "/var/lib/fort/",
"work-offline": false,
"shuffle-uris": false,
"maximum-certificate-depth": 32,
"mode": "server",
"daemon": false,
"server": {
"address": [
"10.123.102.122"
],
"port": "8323",
"backlog": 64,
"interval": {
"validation": 3600,
"refresh": 3600,
"retry": 600,
"expire": 7200
}
},
"slurm": "/etc/fort/slurm/",
"log": {
"enabled": true,
"level": "warning",
"output": "console",
"color-output": false,
"file-name-format": "global-url",
"facility": "daemon"
},
"validation-log": {
"enabled": false,
"level": "warning",
"output": "console",
"color-output": false,
"file-name-format": "global-url",
"facility": "daemon",
"tag": "Validation"
},
"http": {
"enabled": true,
"priority": 60,
"retry": {
"count": 2,
"interval": 5
},
"user-agent": "fort/1.5.0",
"connect-timeout": 30,
"transfer-timeout": 0,
"ca-path": "/usr/local/ssl/certs"
},
"rsync": {
"enabled": true,
"priority": 50,
"retry": {
"count": 2,
"interval": 5
},
"program": "rsync",
"arguments-recursive": [
"--recursive",
"--delete",
"--times",
"--contimeout=20",
"--timeout=15",
"$REMOTE",
"$LOCAL"
],
"arguments-flat": [
"--times",
"--contimeout=20",
"--timeout=15",
"--dirs",
"$REMOTE",
"$LOCAL"
]
},
"incidences": [
{
"name": "incid-hashalg-has-params",
"action": "ignore"
},
{
"name": "incid-obj-not-der-encoded",
"action": "ignore"
},
{
"name": "incid-file-at-mft-not-found",
"action": "error"
},
{
"name": "incid-file-at-mft-hash-not-match",
"action": "error"
},
{
"name": "incid-mft-stale",
"action": "error"
},
{
"name": "incid-crl-stale",
"action": "error"
}
],
"output": {
"roa": "/etc/fort/roas.csv",
"bgpsec": "/etc/fort/bgpsec.csv",
"format": "csv"
},
"thread-pool": {
"server": {
"max": 20
},
"validation": {
"max": 5
}
},
"asn1-decode-max-stack": 4096
}

[ydahhrk]

"user-agent": "fort/1.5.0",

Is this consistent with reality? Which version are you running? It's best not to change this value from its default unless you have a good reason for it.

WRN: First validation cycle
successfully ended, now you can connect your router(s)

Ohhhhhhhhhh. So you're using that message as a green light?

I have been refactoring Fort's logging output since 1.6.0's development. This is one of the messages that changed. I left a comment in the code, actually. The log message was downgraded to INFO severity, and reworded into "Main loop: Ready for routers."

Are you the person who requested that warning? I can restore it, but I would like to discuss alternate ways to solve this problem, because I'm not sure log parsing is a healthy way of doing it.

The intent of the standards is that validators return an error code that means "No Data Available (yet)" while they're first building their VRP list. Clients are supposed to treat this as a temporary issue. If your routers persist in being disconnected long after Fort has finished the first cycle, then that suggests a bug somewhere.

Can you please explain what happens if you connect your routers before Fort finishes the first cycle?

And is there another reason why you wait for that WRN?

[haithamjneid]

thanks for your reply, I'm using version fort-1.6.1-1.el8.x86_64.rpm

yes i'm waiting for this message to connect my routers:
WRN: First validation cycle
successfully ended, now you can connect your router(s)

in my case, all VRPs have been downloaded successfully and stored in the /etc/fort/roas.csv.
i'm just waiting for the above message to appear so that I know that my validator is ready for the RTR connection from my routers.

[ydahhrk]

Ok, but I need to know the answer to these questions:

What happens if you connect your routers before Fort finishes the first cycle?

And what makes it so undesirable?

[ydahhrk]

Ok, I'm running out of time for the 1.6.2 release, so I will restore the warning for the time being.

Please be aware that I will delete it again once #50 is implemented (which is currently scheduled for the 1.6.5 release), because once that happens I'll expect you to query the status to Prometheus instead of the logs. (I will document this when it happens.)

But I still think there shouldn't be a reason why you'd need to wait out the first cycle to connect your routers. If unready Fort is doing something that's causing your routers to go crazy, then there's at least one bug in either of them, and if Fort is at fault, I would like to fix it.

[haithamjneid]

Hi Alberto,

I still didn't connect my router. just waiting for the below message to appear in order to make sure that FORT is ready for router connection.
WRN: First validation cycle
successfully ended, now you can connect your router(s)

my FORT status is active running. also all the VRPs have been downloaded and stored in /etc/var/roas.csv

I just need to know what is the indication to know that FORT is running properly and ready for router connection.

thanks for your support.

[ydahhrk]

I just released Fort 1.6.2. It contains the warning.

[haithamjneid]

Ok great, I will install it and keep you posted.

thanks,

[haithamjneid]

hello,
i'm getting the following ERR:

t=15 rsync://rpki.tools.westconnect.ca/repo/ /var/lib/fort//arin.tal/rsync/rpki.tools.westconnect.ca/repo

pnic.tal: None of the URIs of the TAL '/etc/fort/tal/apnic.tal' yielded a successful traversal.
ipe-ncc.tal: None of the URIs of the TAL '/etc/fort/tal/ripe-ncc.tal' yielded a successful traversal.
TAL '/etc/fort/tal/ripe-ncc.tal' yielded error -2 (No such file or directory); discarding all validation results.

below is the configuration:
{
"tal": "/etc/fort/tal/",
"local-repository": "/var/lib/fort/",
"work-offline": false,
"shuffle-uris": false,
"maximum-certificate-depth": 32,
"mode": "server",
"daemon": false,
"server": {
"address": [
"10.123.102.122"
],
"port": "3323",
"backlog": 64,
"interval": {
"validation": 3600,
"refresh": 3600,
"retry": 600,
"expire": 7200
}
},
"slurm": "/etc/fort/slurm/",
"log": {
"enabled": true,
"level": "warning",
"output": "console",
"color-output": false,
"file-name-format": "global-url",
"facility": "daemon"
},
"validation-log": {
"enabled": false,
"level": "warning",
"output": "console",
"color-output": false,
"file-name-format": "global-url",
"facility": "daemon",
"tag": "Validation"
},
"http": {
"enabled": true,
"priority": 60,
"retry": {
"count": 2,
"interval": 5
},
"user-agent": "fort/1.6.1",
"connect-timeout": 30,
"transfer-timeout": 0,
"ca-path": "/usr/local/ssl/certs"
},
"rsync": {
"enabled": true,
"priority": 50,
"retry": {
"count": 2,
"interval": 5
},
"program": "rsync",
"arguments-recursive": [
"--recursive",
"--delete",
"--times",
"--contimeout=20",
"--timeout=15",
"$REMOTE",
"$LOCAL"
],
"arguments-flat": [
"--times",
"--contimeout=20",
"--timeout=15",
"--dirs",
"$REMOTE",
"$LOCAL"
]
},
"incidences": [
{
"name": "incid-hashalg-has-params",
"action": "ignore"
},
{
"name": "incid-obj-not-der-encoded",
"action": "ignore"
},
{
"name": "incid-file-at-mft-not-found",
"action": "error"
},
{
"name": "incid-file-at-mft-hash-not-match",
"action": "error"
},
{
"name": "incid-mft-stale",
"action": "error"
},
{
"name": "incid-crl-stale",
"action": "error"
}
],
"output": {
"roa": "/etc/fort/roas.csv",
"bgpsec": "/etc/fort/bgpsec.csv",
"format": "csv"
},
"thread-pool": {
"server": {
"max": 20
},
"validation": {
"max": 5
}
},
"asn1-decode-max-stack": 4096
}

[ydahhrk]

It's hard to debug with so little output.

Please change

"log": {
"enabled": true,
"level": "warning",

into

"log": {
"enabled": true,
"level": "debug",

and

"validation-log": {
"enabled": false,
"level": "warning",

into

"validation-log": {
"enabled": true,
"level": "debug",

And post the log.

Also, not sure if this is going to help, but try clearing the cache manually: /var/lib/fort/*.

[haithamjneid]

it generates too much logs:

/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.178.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.179.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.180.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.181.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.182.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.183.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.124.184.0/21
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 193.168.224.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.192.0/19
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.193.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.194.0/23
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.196.0/22
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.200.0/21
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.202.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.203.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.204.0/22
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 194.67.208.0/20
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 195.47.250.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: v6 {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9300::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9300:2::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9300:d0::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9300:d1::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9300:d2::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9301::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9301:1::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9301:2::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9302::/32
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0a:9302:1::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0b:7780::/29
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0c:77c0::/32
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: address: 2a0d:3880::/29
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DaQFvPzFZIs1_iUDtwHfv6ImLGE.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: ROA 'rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa' {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: EE Certificate (embedded) {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: serial Number: 135018824021278273303083693915565318739297
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: Subject: 10d77fe035d58268819e6571abde4248d2eb6fad
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: signedObject: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: IP {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: Prefix: 45.137.104.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: eContent {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: asId: 61435
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: ipAddrBlocks {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: v4 {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: address: 45.137.104.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ENd_4DXVgmiBnmVxq95CSNLrb60.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: ROA 'rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa' {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: EE Certificate (embedded) {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: serial Number: 135018824335123947222761401550505571349380
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: Subject: 1268a89d39d3a4f9734f9d8bb275c81f16020242
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: signedObject: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: IP {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: Prefix: 193.34.235.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: Prefix: 193.168.225.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: eContent {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: asId: 209728
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: ipAddrBlocks {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: v4 {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: address: 193.34.235.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: address: 193.168.225.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/EmionTnTpPlzT52LsnXIHxYCAkI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: ROA 'rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa' {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: EE Certificate (embedded) {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: serial Number: 135018824262117535629677354730345095601226
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: Subject: 14ca91a80a42825bf20b1f333c137f44989edcf2
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: signedObject: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: IP {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: Prefix: 2a09:5301:7220::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: eContent {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: asId: 207415
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: ipAddrBlocks {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: v6 {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: address: 2a09:5301:7220::/48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: maxLength: 48
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/FMqRqApCglvyCx8zPBN_RJie3PI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer: ROA 'rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa' {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: EE Certificate (embedded) {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: serial Number: 135123206073100142093610843170089941060630
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Issuer: b4f96345d3f22edb395d247f7b86d2d73e4a0091
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Subject: 164deeff13acabbc38ba126b523469284de21452
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: signedObject: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: IP {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 5.180.136.0/23
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 5.252.116.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 45.89.64.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 45.133.245.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 46.17.106.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 85.209.0.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 95.214.8.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 139.28.220.0/23
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 185.17.2.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 185.58.207.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 185.94.167.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 185.104.250.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 185.105.118.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 185.188.181.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 193.109.84.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 194.53.54.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 194.67.200.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 195.66.87.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: Prefix: 2a0a:9300::/32
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: eContent {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: asId: 207569
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ipAddrBlocks {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: v4 {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 5.180.136.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 5.180.137.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 5.252.116.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 45.89.64.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 45.133.245.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 46.17.106.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 85.209.0.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 95.214.8.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 139.28.220.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 139.28.221.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 185.17.2.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 185.58.207.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 185.94.167.0/24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: maxLength: 24
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: }
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: ROAIPAddress {
May 27 20:44:05 saryfortval02 fort[13250]: May 27 20:44:05 DBG [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Fk3u_xOsq7w4uhJrUjRpKE3iFFI.roa: address: 185.104.250.0/24
May 27 20:44:23 saryfortval02 systemd[1]: fort.service: Main process exited, code=exited, status=22/n/a
May 27 20:44:23 saryfortval02 systemd[1]: fort.service: Failed with result 'exit-code'.
May 27 20:44:52 saryfortval02 sudo[14017]: pam_unix(sudo:session): session closed for user root
May 27 20:44:53 saryfortval02 sudo[14052]: haitham.jneid : TTY=pts/0 ; PWD=/home/haitham.jneid ; USER=root ; COMMAND=/sbin/service fort status
May 27 20:44:53 saryfortval02 sudo[14052]: pam_unix(sudo:session): session opened for user root by haitham.jneid(uid=1000)
May 27 20:45:12 saryfortval02 sudo[14052]: pam_unix(sudo:session): session closed for user root
May 27 21:01:02 saryfortval02 CROND[14216]: (root) CMD (run-parts /etc/cron.hourly)
May 27 21:01:02 saryfortval02 run-parts[14219]: (/etc/cron.hourly) starting 0anacron
May 27 21:01:02 saryfortval02 run-parts[14225]: (/etc/cron.hourly) finished 0anacron
May 27 21:01:02 saryfortval02 rsyslogd[1099]: imjournal: 72945 messages lost due to rate-limiting (20000 allowed within 600 seconds)

[ydahhrk]

Ok, sorry about that. Try changing log.level and validation-log.level to "info".

[haithamjneid]

1.6.1 it was working properly for me and I was able to download the ROAs yesterday, however today i tried to re-install it after I failing with 1.6.2. but unfortunately, 1.6.1 no longer working as well:(.
do you have installation steps for 1.6.2 or 1.6.1, I followed that in documentation but it didn't work.
i'm afraid I messed up with user permission or something.
below are the logs:
[haitham.jneid@saryfortval02 ~]$ sudo systemctl start fort
[haitham.jneid@saryfortval02 ~]$ systemctl status fort
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2024-05-27 22:05:05 +03; 11min ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 15764 (fort)
Tasks: 24 (limit: 35985)
Memory: 398.6M
CGroup: /system.slice/fort.service
└─15764 /usr/bin/fort --configuration-file /etc/fort/config.json

May 27 22:16:07 saryfortval02 fort[15764]: May 27 22:16:07 WRN [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/X9ot9HVEGGls2-HKWQx9dBRj9Ww.cer: Retry>
May 27 22:16:22 saryfortval02 fort[15764]: May 27 22:16:22 ERR [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/X9ot9HVEGGls2-HKWQx9dBRj9Ww.cer: [RSYN>
May 27 22:16:22 saryfortval02 fort[15764]: May 27 22:16:22 ERR [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/X9ot9HVEGGls2-HKWQx9dBRj9Ww.cer: [RSYN>
May 27 22:16:22 saryfortval02 fort[15764]: May 27 22:16:22 WRN [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/X9ot9HVEGGls2-HKWQx9dBRj9Ww.cer: Max R>
May 27 22:16:22 saryfortval02 fort[15764]: May 27 22:16:22 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/2fd217e5-c782-4d25-94dc-3db07c111f3>
May 27 22:16:25 saryfortval02 fort[15764]: May 27 22:16:25 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/1979f015-2d69-48f1-bb52-3581c4df48f>
May 27 22:16:25 saryfortval02 fort[15764]: May 27 22:16:25 INF [Validation]: https://rpki.xindi.eu/rrdp/notification.xml: HTTP GET: https://rpki.xindi.eu/rr>
May 27 22:16:30 saryfortval02 fort[15764]: May 27 22:16:30 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/ad0eb3cf-9a1b-4112-a607-ae98c2ab12a>
May 27 22:16:34 saryfortval02 fort[15764]: May 27 22:16:34 INF [Validation]: https://ca.rg.net/rrdp/notify.xml: HTTP GET: https://ca.rg.net/rrdp/notify.xml >
May 27 22:16:35 saryfortval02 fort[15764]: May 27 22:16:35 INF [Validation]: https://ca.rg.net/rrdp/eaf7cb9c-717a-4c02-b683-4ee3820ab3d0/deltas/78443.xml: H>

[haitham.jneid@saryfortval02 ~]$ systemctl status fort
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2024-05-27 22:05:05 +03; 12min ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 15764 (fort)
Tasks: 23 (limit: 35985)
Memory: 399.4M
CGroup: /system.slice/fort.service
└─15764 /usr/bin/fort --configuration-file /etc/fort/config.json

May 27 22:16:37 saryfortval02 fort[15764]: May 27 22:16:37 ERR [Validation]: rsync://ca.rg.net/rpki/RGnet-OU/NKcuY5DvQmG0vwsI6MT4nqcBcoI.gbr: Expected vCard>
May 27 22:16:37 saryfortval02 fort[15764]: May 27 22:16:37 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/28cd6224-a3b0-468e-aa37-82ca6a3e924>
May 27 22:16:38 saryfortval02 fort[15764]: May 27 22:16:38 INF [Validation]: https://rpki.pudu.be/rrdp/notification.xml: HTTP GET: https://rpki.pudu.be/rrdp>
May 27 22:16:40 saryfortval02 fort[15764]: May 27 22:16:40 INF [Validation]: https://krill.accuristechnologies.ca/rrdp/notification.xml: HTTP GET: https://k>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/1231fd86-c539-46c7-89e9-f3756f3075f>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/bc90f4f6-f2c4-4882-91cf-9b8f0b38d7d>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 INF [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: HTTP GET: https://rpk>
May 27 22:17:16 saryfortval02 fort[15764]: May 27 22:17:16 ERR [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: Error requesting URL:>
May 27 22:17:16 saryfortval02 fort[15764]: May 27 22:17:16 WRN [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: Download failed; retr>

[haitham.jneid@saryfortval02 ~]$ systemctl status fort
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2024-05-27 22:05:05 +03; 13min ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 15764 (fort)
Tasks: 24 (limit: 35985)
Memory: 399.8M
CGroup: /system.slice/fort.service
├─15764 /usr/bin/fort --configuration-file /etc/fort/config.json
└─16328 rsync --recursive --delete --times --contimeout=20 --timeout=15 rsync://rpki.komorebi.network/repo/ /var/lib/fort//ripe-ncc.tal/rsync/rpk>

May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/1231fd86-c539-46c7-89e9-f3756f3075f>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/bc90f4f6-f2c4-4882-91cf-9b8f0b38d7d>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/f536a1e4-3bf0-4352-9061-66694d2bcbd>
May 27 22:16:46 saryfortval02 fort[15764]: May 27 22:16:46 INF [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: HTTP GET: https://rpk>
May 27 22:17:16 saryfortval02 fort[15764]: May 27 22:17:16 ERR [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: Error requesting URL:>
May 27 22:17:16 saryfortval02 fort[15764]: May 27 22:17:16 WRN [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: Download failed; retr>
May 27 22:17:51 saryfortval02 fort[15764]: May 27 22:17:51 ERR [Validation]: https://rpki.komorebi.network:3030/rrdp/notification.xml: Error requesting URL:>
May 27 22:17:51 saryfortval02 fort[15764]: May 27 22:17:51 WRN [Validation]: https://rpki.k

[ydahhrk]

Well, I notice there are quite a few objects not downloading right now (even without Fort):

$ curl -O https://rpki.0i1.eu/rrdp/notification.xml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:32 --:--:--     0^C

Not sure what this is about.

Temporarily, try zeroing these values, to speed up the validation cycle:

http.retry.count: 0
rsync.retry.count: 0

May 27 22:16:35 saryfortval02 fort[15764]: May 27 22:16:35 INF [Validation]: https://ca.rg.net/rrdp/eaf7cb9c-717a-4c02-b683-4ee3820ab3d0/deltas/78443.xml: H>

I'm guessing you're copying journalctl's output from your terminal, and that's why it's truncated?

Please dump the output into a file, and post the file:

sudo journalctl -u fort > log.txt

[ydahhrk]

do you have installation steps for 1.6.2 or 1.6.1, I followed that in documentation but it didn't work.

This worked for me:

sudo apt update && sudo apt upgrade
wget https://github.com/NICMx/FORT-validator/releases/download/1.6.2/fort_1.6.2-1_amd64.deb
sudo apt install ./fort_1.6.2-1_amd64.deb

i'm afraid I messed up with user permission or something.

chown -R fort:fort /var/lib/fort/*
chmod -R u=rwX /var/lib/fort

[ydahhrk]

Temporarily, try zeroing these values, to speed up the validation cycle:

http.retry.count: 0
rsync.retry.count: 0

One other thing you can do to achieve a quick test run is to narrow down the TALs to your closest (and/or smallest) RIR. For example, in my case that would be

"tal": "/etc/fort/tal/lacnic.tal",

Notice this will significantly reduce the VRP count. It's only meant to rush a validation cycle and simplify the logs.

Also, try disabling rsync, so it doesn't use it as a fallback:

"rsync": {
"enabled": false,

[haithamjneid]

fort.xlsx
please check attached file log

[ydahhrk]

It seems your connection is a bit slow. Try this.

[ydahhrk]

For example, the following command is failing:

rsync --recursive --delete --times --contimeout=20 --timeout=15 rsync://rpki.apnic.net/repository/ /cache/somewhere/

Try executing that command manually, without --contimeout nor --timeout:

mkdir ~/tmp
cd ~/tmp
rsync --recursive --delete --times rsync://rpki.apnic.net/repository/ potatoes
rm -r potatoes

See how long it normally takes to download it. Then adjust rsync.arguments-recursive in Fort's configuration.

[ydahhrk]

Also: You're still using old Fort 1.5.* configuration, which is not really ideal. Nowadays rsync.arguments-recursive should be

"-rtz", "--delete", "--omit-dir-times", "--contimeout=20", "--max-size=20MB", "--timeout=15",
"--include=*/", "--include=*.cer", "--include=*.crl", "--include=*.gbr", "--include=*.mft",
"--include=*.roa", "--exclude=*", "$REMOTE", "$LOCAL"

Not

"--recursive", "--delete", "--times", "--contimeout=20", "--timeout=15", "$REMOTE", "$LOCAL"

Try reducing your configuration to the following minimum, then work your way up if necessary:

{
	"log": {
		"level": "info"
	},
	"validation-log": {
		"enabled": true,
		"level": "info"
	}
}

[haithamjneid]

Hi,

can you share with me the config.json that you are using for 1.6.1 or 1.6.2

thanks,

[ydahhrk]

Try this first:

{
	"tal": "/etc/fort/tal/lacnic.tal",
	"local-repository": "/var/lib/fort/repository",
	"mode": "server",

	"server": {
		"port": "3323"
	},

	"output": {
		"roa": "/etc/fort/roas.csv",
		"bgpsec": "/etc/fort/bgpsec.csv",
		"format": "csv"
	},

	"log": {
		"enabled": true,
		"level": "info"
	},

	"validation-log": {
		"enabled": true,
		"level": "info"
	},

	"http": {
		"connect-timeout": 30,
		"transfer-timeout": 0,
		"low-speed-limit": 25000
	},

	"rsync": {
			"arguments-recursive": [
			"-rtz",
			"--delete",
			"--omit-dir-times",
			"--contimeout=20",
			"--max-size=20MB",
			"--timeout=60",
			"--include=*/",
			"--include=*.cer",
			"--include=*.crl",
			"--include=*.gbr",
			"--include=*.mft",
			"--include=*.roa",
			"--exclude=*",
			"$REMOTE",
			"$LOCAL"
		]
	}
}

Does Fort eventually print the "now you can connect your routers" message if you configure it like that?

[haithamjneid]

it works, please check below output. what shall i do to fix it for all TALs?
[haitham.jneid@saryfortval02 ~]$ sudo service fort status
Redirecting to /bin/systemctl status fort.service
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2024-05-28 17:57:56 +03; 1min 19s ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 85717 (fort)
Tasks: 22 (limit: 35985)
Memory: 379.7M
CGroup: /system.slice/fort.service
└─85717 /usr/bin/fort --configuration-file /etc/fort/config.json

May 28 17:58:53 saryfortval02 fort[85717]: May 28 17:58:53 ERR [Validation]: rsync://rpki-repo.registro.br/repo/AYCCovAM3iMVZTC7a1ZXHjEgMEaknJfQ8goP1VTojXoz>
May 28 17:58:54 saryfortval02 fort[85717]: May 28 17:58:54 ERR [Validation]: rsync://rpki-repo.registro.br/repo/4FMNxuydgtnPAM56nvpwdRdiWbAvx2PTqGLVjmGiBTYQ>
May 28 17:58:54 saryfortval02 fort[85717]: May 28 17:58:54 ERR [Validation]: rsync://rpki-repo.registro.br/repo/7dWSkfTAcBN1DAAa7Vn7Aay3zvsrT1jnSQYDaS9exV8g>
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 INF: Validation finished:
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 INF: - Valid ROAs: 33895
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 INF: - Valid Router Keys: 0
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 INF: - Serial: 1
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 INF: - Real execution time: 66s
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 WRN: First validation cycle successfully ended, now you can connect your router(s)
May 28 17:59:02 saryfortval02 fort[85717]: May 28 17:59:02 INF: Main loop: Sleeping.

[haithamjneid]

also router will peer as RTR without specifing the IP in the config.json?
[haitham.jneid@saryfortval02 ~]$ sudo sudo ss -tlnp | grep fort
LISTEN 0 128 *:3323 : users:(("fort",pid=85717,fd=3))

[haithamjneid]

also RPKI session is established:
Total number of RPKI session : 1
Session in up state : 1

Session State Age IPv4/IPv6 record VPN
79.139.94.248 Established 01m33s 24912/8983 public

[ydahhrk]

what shall i do to fix it for all TALs?

Look at your TAL directory:

$ ls /etc/fort/tal/
afrinic.tal  apnic.tal  arin.tal  lacnic.tal  ripe-ncc.tal

First, I recommend that you try them one by one. Replace (in your configuration file)

"tal": "/etc/fort/tal/lacnic.tal",

into

"tal": "/etc/fort/tal/afrinic.tal",

Then run Fort until you see the message.

Then replace it with the next one:

"tal": "/etc/fort/tal/apnic.tal",

Keep going until you have run them all. If one of them doesn't work, post its output.

If all of them work, replace with

"tal": "/etc/fort/tal",

To perform a validation run with all of them at the same time.

And let's see what happens.

[ydahhrk]

also router will peer as RTR without specifing the IP in the config.json?

When no IP is configured, Fort tries to bind itself to all available addresses. Feel free to change it to the proper address you want.

[haithamjneid]

[haitham.jneid@saryfortval02 fort]$ sudo service fort status
Redirecting to /bin/systemctl status fort.service
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2024-05-28 18:16:22 +03; 2min 21s ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 86557 (fort)
Tasks: 24 (limit: 35985)
Memory: 2.7M
CGroup: /system.slice/fort.service
├─86557 /usr/bin/fort --configuration-file /etc/fort/config.json
└─86952 rsync -rtz --delete --omit-dir-times --contimeout=20 --max-size=20MB --timeout=60 --include=/ --include=.cer --include=*.crl --include=>

May 28 18:16:22 saryfortval02 fort[86557]: May 28 18:16:22 INF [Validation]: /etc/fort/tal/apnic.tal: rsync: rsync://rpki.apnic.net/repository/
May 28 18:16:47 saryfortval02 fort[86557]: May 28 18:16:47 INF: Client accepted [FD: 5]: ::ffff:10.1.177.41
May 28 18:16:47 saryfortval02 fort[86557]: May 28 18:16:47 INF: Client accepted [FD: 7]: ::ffff:10.1.176.5
May 28 18:16:47 saryfortval02 fort[86557]: May 28 18:16:47 INF: Client accepted [FD: 8]: ::ffff:10.1.177.5
May 28 18:16:47 saryfortval02 fort[86557]: May 28 18:16:47 INF: Client accepted [FD: 9]: ::ffff:10.1.178.5
May 28 18:16:48 saryfortval02 fort[86557]: May 28 18:16:48 INF: Client accepted [FD: 10]: ::ffff:10.1.176.41
May 28 18:16:48 saryfortval02 fort[86557]: May 28 18:16:48 INF: Client accepted [FD: 11]: ::ffff:10.1.178.41
May 28 18:17:53 saryfortval02 fort[86557]: May 28 18:17:53 ERR [Validation]: /etc/fort/tal/apnic.tal: [RSYNC exec]: [Receiver] io timeout after 60 seconds ->
May 28 18:17:53 saryfortval02 fort[86557]: May 28 18:17:53 ERR [Validation]: /etc/fort/tal/apnic.tal: [RSYNC exec]: rsync error: timeout in data send/receiv>
May 28 18:17:53 saryfortval02 fort[86557]: May 28 18:17:53 WRN [Validation]: /etc/fort/tal/apnic.tal: Retrying RSYNC 'rsync://rpki.apnic.net/repository/' in>
l

[haithamjneid]

ARIN didn't worki
[haitham.jneid@saryfortval02 fort]$ sudo service fort status
Redirecting to /bin/systemctl status fort.service
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2024-05-28 18:20:43 +03; 1min 37s ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 87131 (fort)
Tasks: 24 (limit: 35985)
Memory: 2.7M
CGroup: /system.slice/fort.service
├─87131 /usr/bin/fort --configuration-file /etc/fort/config.json
└─87547 rsync -rtz --delete --omit-dir-times --contimeout=20 --max-size=20MB --timeout=60 --include=/ --include=.cer --include=*.crl --include=>

May 28 18:20:43 saryfortval02 fort[87131]: May 28 18:20:43 INF [Validation]: /etc/fort/tal/arin.tal: rsync: rsync://rpki.arin.net/repository/
May 28 18:20:58 saryfortval02 fort[87131]: May 28 18:20:58 INF: Client accepted [FD: 5]: ::ffff:10.1.177.41
May 28 18:20:58 saryfortval02 fort[87131]: May 28 18:20:58 INF: Client accepted [FD: 7]: ::ffff:10.1.176.5
May 28 18:20:58 saryfortval02 fort[87131]: May 28 18:20:58 INF: Client accepted [FD: 8]: ::ffff:10.1.178.5
May 28 18:20:58 saryfortval02 fort[87131]: May 28 18:20:58 INF: Client accepted [FD: 9]: ::ffff:10.1.178.41
May 28 18:20:58 saryfortval02 fort[87131]: May 28 18:20:58 INF: Client accepted [FD: 10]: ::ffff:10.1.177.5
May 28 18:20:59 saryfortval02 fort[87131]: May 28 18:20:59 INF: Client accepted [FD: 11]: ::ffff:10.1.176.41
May 28 18:22:14 saryfortval02 fort[87131]: May 28 18:22:14 ERR [Validation]: /etc/fort/tal/arin.tal: [RSYNC exec]: [Receiver] io timeout after 60 seconds -->
May 28 18:22:14 saryfortval02 fort[87131]: May 28 18:22:14 ERR [Validation]: /etc/fort/tal/arin.tal: [RSYNC exec]: rsync error: timeout in data send/receive>
May 28 18:22:14 saryfortval02 fort[87131]: May 28 18:22:14 WRN [Validation]: /etc/fort/tal/arin.tal: Retrying RSYNC 'rsync://rpki.arin.net/repository/' in 4>
lines 1-22/22 (END)

[haithamjneid]

all fails except lacnic and afrinic. check logs.
FORT LOG.txt

[ydahhrk]

ARIN didn't worki

Ok. Try running this:

mkdir ~/tmp
cd ~/tmp
time rsync -rtz --delete --omit-dir-times --max-size=20MB --include=*/ --include=*.cer --include=*.crl --include=*.gbr --include=*.mft --include=*.roa --exclude=* rsync://rpki.arin.net/repository/ potatoes
rm -r potatoes

It should print how long it took:

real	0m12.958s
user	0m3.140s
sys	0m5.149s

How long does it take for you?

[ydahhrk]

It's weird that it rsyncs ARIN without trying HTTP first. Do you have an HTTPS URL in /etc/fort/tal/arin.tal?

Mine reads like this:

$ cat /etc/fort/tal/arin.tal
rsync://rpki.arin.net/repository/arin-rpki-ta.cer
https://rrdp.arin.net/arin-rpki-ta.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5FnreHMJjg8
pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlNf2SRP3UB+VJFgtTj
0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1EpK9CbLJS4m37+RlpNbT1cba+
b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtwwDYlbHzp2xk9owF3mkCxzl0HwncO+sEHH
eaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg+nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB

[haithamjneid]

now Arin works, all TALs have https except apnic.tal eventhough i refreshed them. any clue?

[haithamjneid]

it seems apnic don't use https:
https://tal.apnic.net/apnic.tal

[haithamjneid]

but why rsync is not working?

[ydahhrk]

Most likely because it's timing out. Look at Fort's rsync arguments in the configuration; It only has 60 seconds to sync. That's why I wanted you to execute the rsync manually; to find out what's a reasonable timeout for your connection. If you don't want to run the command manually, try increasing --timeout until it works.

…

On Tue, May 28, 2024, 13:27 haithamjneid ***@***.***> wrote: but why rsync is not working? — Reply to this email directly, view it on GitHub <#133 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AASHNF7RA7HBRSCDOWEALETZETLAXAVCNFSM6AAAAABIDKQGWSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZVHE2TSNBRGI> . You are receiving this because you commented.Message ID: ***@***.***>

[haithamjneid]

[haitham.jneid@saryfortval02 tmp]$ time rsync -rtz --delete --omit-dir-times --max-size=20MB --include=/ --include=.cer --include=.crl --include=.gbr --include=.mft --include=.roa --exclude=* rsync://rpki.arin.net/repository/ potatoes
^Crsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(644) [Receiver=3.1.3]

real 0m18.121s
user 0m0.000s
sys 0m0.006s
[haitham.jneid@saryfortval02 tmp]$ time rsync -rtz --delete --omit-dir-times --max-size=20MB --include=/ --include=.cer --include=.crl --include=.gbr --include=.mft --include=.roa --exclude=* rsync://rpki.arin.net/repository/ potatoes

^Crsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(644) [Receiver=3.1.3]

real 7m8.195s
user 0m0.001s
sys 0m0.002s

[ydahhrk]

sync://rpki.arin.net/repository/ potatoes
real 7m8.195s

Ok. That is weird, but notice that's ARIN's URL. You said ARIN was now working fine because it was using HTTP.

If you want to fix APNIC, read the APNIC logs:

May 28 18:16:22 saryfortval02 fort[86557]: May 28 18:16:22 INF [Validation]: /etc/fort/tal/apnic.tal: rsync: rsync://rpki.apnic.net/repository/
...
May 28 18:17:53 saryfortval02 fort[86557]: May 28 18:17:53 ERR [Validation]: /etc/fort/tal/apnic.tal: [RSYNC exec]: [Receiver] io timeout after 60 seconds -- exiting

So the APNIC rsync URL is rsync://rpki.apnic.net/repository/. Try to time that one:

time rsync -rtz --delete --omit-dir-times --max-size=20MB --include=*/ --include=*.cer \
	--include=*.crl --include=*.gbr --include=*.mft --include=*.roa --exclude=* \
	rsync://rpki.apnic.net/repository/ tomatoes

[ydahhrk]

(Remember to remove --contimeout and --timeout during the time rsync)

[ydahhrk]

$ time rsync -rtz --delete --omit-dir-times --max-size=20MB --include=/ --include=.cer --include=.crl --include=.gbr --include=.mft --include=.roa --exclude=* rsync://rpki.arin.net/repository/ potatoes
^Crsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(644) [Receiver=3.1.3]

real 7m8.195s
user 0m0.001s
sys 0m0.002s

Ok, so... what I'm getting out of this is that you interrupted the rsync because it was taking too long. You reckon it got stuck?

Tip: Add --progress. That way it'll tell you what it's doing:

$ time rsync --progress -rtz --delete --omit-dir-times --max-size=20MB rsync://rpki.apnic.net/repository/ potatoes
receiving incremental file list
apnic-rpki-root-iana-origin.cer
          1,211 100%    1.15MB/s    0:00:00 (xfr#1, to-chk=6685/6687)
838DB214166511E2B3BC286172FD1FF2/
838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
            444 100%  433.59kB/s    0:00:00 (xfr#2, to-chk=6677/6687)
838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
          1,954 100%    1.86MB/s    0:00:00 (xfr#3, to-chk=6676/6687)
838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
          1,501 100%    1.43MB/s    0:00:00 (xfr#4, to-chk=6675/6687)
980652E0B77E11E7A96A39521A4F4FB4/
980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
          2,769 100%    2.64MB/s    0:00:00 (xfr#5, to-chk=6674/6687)
980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
          2,825 100%    2.69MB/s    0:00:00 (xfr#6, to-chk=6673/6687)
980652E0B77E11E7A96A39521A4F4FB4/NI-bm5KnLM_Tbzxw81Z1czzI6iI.cer
          1,624 100%    1.55MB/s    0:00:00 (xfr#7, to-chk=6672/6687)
980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
         11,239 100%   10.72MB/s    0:00:00 (xfr#8, to-chk=6671/6687)
980652E0B77E11E7A96A39521A4F4FB4/lqhe9LjK9dTDWhV_ThJe5JS6-Tk.cer
etc etc etc

[haithamjneid]

same, no progress
[haitham.jneid@saryfortval02 ~]$ time rsync --progress -rtz --delete --omit-dir-times --max-size=20MB rsync://rpki.apnic.net/repository/ potatoes
^Crsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(644) [Receiver=3.1.3]

real 1m41.876s
user 0m0.000s
sys 0m0.003s
[haitham.jneid@saryfortval02 ~]$

[haithamjneid]

don't know why rsync is not working and https is working.

[haithamjneid]

for apnic, do they have https instead of rsync?

[haithamjneid]

below are the rsync from Routinator RPKI. don't know if they give any clue. I run Routinator and it is working properly and downloading all ROAs. however I need to run FORT as well. why apnic don't have https?
RSYNC
URL Status Duration
rsync://rpki.co/repo/ 10 0.15% 0.438s
rsync://rpki.nap.re/repo/ 5 0.29% 0.87s
rsync://rpki.caramelfox.net/repo/ 10 0.40% 1.215s
rsync://krill.ca-bc-01.ssmidge.xyz/repo/ 10 0.14% 0.423s
rsync://rpki.ssmidge.xyz/repo/ 35 3.73% 11.204s
rsync://rpki.0i1.eu/repo/ 10 0.73% 2.179s
rsync://pub.rpki.win/repo/ 10 3.34% 10.032s
rsync://rpkica.mckay.com/rpki/ -1 100.00% 300.002s
rsync://rpki.komorebi.network/repo/ -1 100.00% 300.002s
rsync://rsync.rpki.co/rpki/ -1 100.00% 300.002s
rsync://rpki.netiface.net/repo/ 35 3.40% 10.211s
rsync://krill.stonham.info/repo/ 35 3.44% 10.33s
rsync://rpki.qs.nu/repo/ 35 3.40% 10.208s
rsync://pub.krill.ausra.cloud/repo/ -1 100% 300.003s

[ydahhrk]

don't know why rsync is not working and https is working.

Works for me. Might be the work of some firewall.

I run Routinator and it is working properly and downloading all ROAs. however I need to run FORT as well. why apnic don't have https?

Routinator's APNIC TAL does have HTTP. Looks like it's time to update Fort's.

Try using Routinator's TAL:

sudo curl https://raw.githubusercontent.com/NLnetLabs/routinator/main/tals/apnic.tal -o /etc/fort/tal/apnic.tal

[haithamjneid]

I used Routinator's TAL but it didn't work as well. I also removed the rsync link from all the TALs and kept only the https link. also not working.
is there a way to avoid using RSYNC and rely solely on https? or RSYNC is a must.
when I try each TAL alone, they work properly, except for the apnic.

by the way, I have a VM for Routinator next to VM FORT, Routinator is working and FORT is not. !!!

[haithamjneid]

hello again,

after I updated all the TALs to use only HTTPS and removed the RSYNC, it is working now as per below and all ROAs have been downloaded and fetched by the routers.
[haitham.jneid@saryfortval02 tal]$ sudo service fort status
Redirecting to /bin/systemctl status fort.service
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2024-05-30 11:05:49 +03; 1h 44min ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 129944 (fort)
Tasks: 22 (limit: 35985)
Memory: 485.5M
CGroup: /system.slice/fort.service
└─129944 /usr/bin/fort --configuration-file /etc/fort/config.json

May 30 12:45:07 saryfortval02 fort[129944]: May 30 12:45:07 WRN [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/xZR-zIaDrQ282VqPMy8MqhNXR5A.cer: Retr>
May 30 12:45:23 saryfortval02 fort[129944]: May 30 12:45:23 ERR [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/xZR-zIaDrQ282VqPMy8MqhNXR5A.cer: [RSY>
May 30 12:45:23 saryfortval02 fort[129944]: May 30 12:45:23 ERR [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/xZR-zIaDrQ282VqPMy8MqhNXR5A.cer: [RSY>
May 30 12:45:23 saryfortval02 fort[129944]: May 30 12:45:23 WRN [Validation]: rsync://rpki.ripe.net/repository/DEFAULT/xZR-zIaDrQ282VqPMy8MqhNXR5A.cer: Max >
May 30 12:45:28 saryfortval02 fort[129944]: May 30 12:45:28 INF: Validation finished:
May 30 12:45:28 saryfortval02 fort[129944]: May 30 12:45:28 INF: - Valid ROAs: 546906
May 30 12:45:28 saryfortval02 fort[129944]: May 30 12:45:28 INF: - Valid Router Keys: 0
May 30 12:45:28 saryfortval02 fort[129944]: May 30 12:45:28 INF: - Serial: 2
May 30 12:45:28 saryfortval02 fort[129944]: May 30 12:45:28 INF: - Real execution time: 1186s
May 30 12:45:28 saryfortval02 fort[129944]: May 30 12:45:28 INF: Main loop: Sleeping.

check attached.

[ydahhrk]

after I updated all the TALs to use only HTTPS and removed the RSYNC, it is working now as per below and all ROAs have been downloaded and fetched by the routers.

Caveat: Removing rsync from the TALs does not disable rsync globally. I suspect your rsync started working suddenly, or Routinator's rsync also doesn't work. See below.

is there a way to avoid using RSYNC and rely solely on https? or RSYNC is a must.

RPKI repositories have three options for serving their files: HTTP, rsync or both. When both are used, rsync is supposed to function as fallback in case HTTP fails.

But note that serving files via rsync only is still an option. It's not the recommended way of doing it, but it's absolutely legal. This means that if your rsync doesn't work, you will potentially miss out on some VRPs.

So yes, there is a way to completely disable rsync, but I don't recommend it:

"rsync": {
	"enabled": false
},

What you really want is to fix rsync.

It's not clear whether your Routinator's rsync is working or not, because your output shows that Routinator and Fort ended up with a very similar amount of records. If Routinator's rsync worked and Fort's didn't, I would expect Routinator to have more records.

According to Routinator's code 0 1, its rsync is (assuming your rsync supports --contimeout)

rsync --contimeout=10 --max-size=20000000 -rltz --delete rsync://rpki.apnic.net/repository/ lettuce

Can you please check if that works? (If it doesn't work, try removing --contimeout=10.)

But if it works, please confirm whether Fort's rsync still doesn't work:

rsync -rtz --delete --omit-dir-times --max-size=20MB --include=*/ --include=*.cer \
	--include=*.crl --include=*.gbr --include=*.mft --include=*.roa --exclude=* \
	rsync://rpki.apnic.net/repository/ carrots

[haithamjneid]

hello,
thanks for your informative replies.

I want to inform you that my Routinator is downloading exactly the same number of ROAs as per below online Routinator from RIPE.
https://rpki-validator.ripe.net/ui/metrics
this means that it working properly and as expected.

as for FORT, it is also downloading the same number of ROAs. I believe both now are working properly.

how many ROAs your FORT has downloaded?

thanks,

[ydahhrk]

Okay, if you're happy with this outcome, feel free to close the issue.

[haithamjneid]

still RSYNC is not working, don't know why, we allowed it on Firewall and make sure access is open.

FORT is working properly using HTTPS:

[haitham.jneid@saryfortval02 ~]$ sudo service fort status
Redirecting to /bin/systemctl status fort.service
● fort.service - FORT RPKI validator
Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2024-06-03 16:20:53 +03; 5min ago
Docs: man:fort(8)
https://nicmx.github.io/FORT-validator/
Main PID: 280947 (fort)
Tasks: 22 (limit: 35985)
Memory: 133.1M
CGroup: /system.slice/fort.service
└─280947 /usr/bin/fort --configuration-file /etc/fort/config.json

Jun 03 16:26:09 saryfortval02 fort[280947]: Jun 3 16:26:09 ERR [Validation]: rsync://rsync.paas.rpki.ripe.net/repository/491a43bc-76ec-4abe-ba7d-e73e90d662>
Jun 03 16:26:09 saryfortval02 fort[280947]: Jun 3 16:26:09 ERR [Validation]: rsync://rpki.co/repo/Riffi/0/CB2B40C722F645663A261D605D1C78BD1B720065.mft: Cou>
Jun 03 16:26:09 saryfortval02 fort[280947]: Jun 3 16:26:09 ERR [Validation]: rsync://rpki.co/repo/Riffi/0/CB2B40C722F645663A261D605D1C78BD1B720065.mft: Fil>
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 INF: Validation finished:
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 INF: - Valid ROAs: 548597
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 INF: - Valid Router Keys: 0
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 INF: - Serial: 1
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 INF: - Real execution time: 319s
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 WRN: First validation cycle successfully ended, now you can connect your router(s)
Jun 03 16:26:12 saryfortval02 fort[280947]: Jun 3 16:26:12 INF: Main loop: Sleeping.

this is Routinator:
[haitham.jneid@saryfortval01 ~]$ curl -s http://10.123.102.121:8323/status | grep vrps
vrps: 556731
vrps-per-tal: afrinic=9549 apnic=130956 arin=127546 lacnic=33857 ripe=254823
locally-filtered-vrps: 0
locally-filtered-vrps-per-tal: afrinic=0 apnic=0 arin=0 lacnic=0 ripe=0
duplicate-vrps-per-tal: afrinic=684 apnic=548 arin=6724 lacnic=0 ripe=29
locally-added-vrps: 0
final-vrps: 548746
final-vrps-per-tal: afrinic=8865 apnic=130408 arin=120822 lacnic=33857 ripe=254794
[haitham.jneid@saryfortval01 ~]$

could you please share your final vrps number to compare it with mine.

[ydahhrk]

could you please share your final vrps number to compare it with mine.

548,806 VRPs at 2024-06-03 15:52:01 UTC.